vector-search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection surface (Category 8). The skill processes untrusted table content alongside administrative management capabilities.
    • Ingestion points: Data is read from Delta tables using spark.table("catalog.schema.documents") in index-types.md.
    • Boundary markers: Absent; the skill does not implement delimiters or safety instructions to separate data from commands.
    • Capability inventory: Includes create_index, delete_data_vector_index, upsert_data_vector_index, and saveAsTable with overwrite mode.
    • Sanitization: Absent; no logic is provided to validate or clean the content retrieved from tables before processing or indexing.
  • [DATA_EXFILTRATION] (LOW): The skill performs network operations via the Databricks Python SDK to communicate with the Databricks API and model serving endpoints. While these are necessary for the skill's operation, the domains are not on the explicit whitelist provided in the security policy. No sensitive local file access was detected.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 04:13 PM